The readline support change freed input just after ss_execute_line(),
but input can be used in the error block immediately following. Free
input after the error block instead.
The new implementation should be more friendly to static analyzers.
Coverity was getting confused into thinking that profile_iterator()
had the effect of returning a freed name pointer.
Prior to the pluggable configuration work, profile_get_values() and
friends would return PROF_NO_PROFILE if called with a null profile.
Restore that behavior.
Define MAX_DNS_NAMELEN unconditionally in k5-int.h as we use it
unconditionally in kdc_util.c. Don't define it in locate_kdc.c.
Conditionalize dns_locate_server() in locate_kdc.c as its only call
site (in k5_locate_server) and its helper function (locate_srv_dns_1)
are conditional.
Fix gss_set_cred_option cred creation with no name
When creating a cred in the mechglue with gss_acquire_cred, the
mechanism is allowed to return no name from gss_inquire_cred. But in
the analagous operation in gss_set_cred_option, that would result in
an error from gss_display_name. Make the call to gss_display_name
conditional on the mechanism name being set. Reported by Andrew
Bartlett.
By default, look for libedit (using pkg-config) and use it in libss.
Alternatively, the builder can explicitly ask for GNU Readline, but
using it will break the dejagnu test suite and will also add a GPL
dependency to libss and the programs using it.
Tom Yu [Mon, 11 Jul 2011 17:53:25 +0000 (17:53 +0000)]
use timegm() for krb5int_gmt_mktime() when available
Use timegm() if it is available, so that krb5int_gmt_mktime()
functions correctly on systems configured with a "right"
(leap-second-aware) time zone. It is arguably an OS bug if a "right"
time zone can be configured on a system that lacks timegm().
Due to a current lack of evidence of affected systems, the additional
workaround of replacing gmtime() with a version that always ignores
leap seconds is deferred.
If a principal has no associated kadm5 policy, we may still get
password quality errors from a module (KDB or pwqual). There was a
bug in the error generation for this case which caused only a generic
error to be returned.
Also use snprintf() instead of multiple string operations to compose
errors.
Zhanna Tsitkov [Wed, 29 Jun 2011 18:30:51 +0000 (18:30 +0000)]
Added "Realm configuration decisions" and "Incremental database propagation" sections.
Updated some cross-file references
Restored kadm5.acl s option in "Privileges" section
Greg Hudson [Tue, 28 Jun 2011 14:07:07 +0000 (14:07 +0000)]
Get static linking working again, mostly
Static linking (#6510) broke when lockout support was added because
the DB2 plugin became dependent on libkadm5srv_mit for XDR functions.
Also, static linking was extensively broken in combination with LDAP
support. Fix these problems.
Afer these fixes, the test suite fails in the FAST tests because
there's no static build support for dynamic preauth plugins, which
means there's no encrypted challenge. (And unlike the pkinit tests,
the test suite doesn't conditionalize on the presence of the encrypted
challenge plugin, because we always build it.) This will fix itself
if and when encrypted challenge becomes linked into the consumers, or
static build support is added for preauth plugins.
Greg Hudson [Mon, 27 Jun 2011 21:07:20 +0000 (21:07 +0000)]
Add a missing call in t_kgss_user.c
The userland side of the gss kernel subset tests was missing a call to
read_iov_token() at the end of the operation sequence. This mistake
caused a race condition where the child could either exit successfully
(if it finished send_iov_token() before the parent closed its end of
the pipe) or could fail with an EPIPE error from write().
Zhanna Tsitkov [Mon, 27 Jun 2011 14:49:44 +0000 (14:49 +0000)]
Removed 'viewcode' extension from the conf.py as not-required for the "minimal" build (i.e. build without Complete API and datatype reference section).
Added README file for sphinx-build.
Greg Hudson [Fri, 24 Jun 2011 20:12:28 +0000 (20:12 +0000)]
Make fewer db lookups in kadm5_create_principal_3
By creating the password history entry earlier in the function, we can
avoid the need to look up the principal entry twice just to save a
copy of the key data.
Greg Hudson [Thu, 23 Jun 2011 19:50:04 +0000 (19:50 +0000)]
Don't destroy dst on error in krb5_cc_move
Although destroying any partial contents of dst on error isn't a bad
idea, invalidating the handle would be an incompatible change. So
revert that part of r24754.
Greg Hudson [Thu, 23 Jun 2011 19:26:01 +0000 (19:26 +0000)]
Fix a minor memory leak in kadmin
kadmin_getprinc() was using the variable "canon" for two purposes.
After r22785, canon wasn't freed between constructions, so the first
value was leaked. Fix by using separate variables for separate
strings.
Greg Hudson [Thu, 23 Jun 2011 19:25:51 +0000 (19:25 +0000)]
Fix multiple libkdb_ldap memory leaks
* krb5_ldap_policydn_to_name wasn't freeing rdn, and was using the
wrong function to free dn, in the HAVE_LDAP_STR2DN CASE.
* populate_krb5_db_entry wasn't freeing the tl_data generated from
ber_tl_data.
* populate_krb5_db_entry was using the wrong function to free
a password policy when finding pw_max_life.
* krb5_ldap_put_principal wasn't freeing ber_tl_data.
* krb5_update_tl_kadm_data had a bad contract. Change the contract
to be more like krb5_dbe_update_mod_princ_data and simplify its
memory management.
Zhanna Tsitkov [Thu, 23 Jun 2011 19:03:34 +0000 (19:03 +0000)]
doxy.py is a translator from Doxygen xml output into the restructuredText format.
The generated output may be used in Sphinx documentation project for the complete API and data type reference.
Zhanna Tsitkov [Thu, 23 Jun 2011 14:59:45 +0000 (14:59 +0000)]
Initial commit of the Sphinx documentation source.
One can build Sphinx documentation set in the html format by calling:
sphinx-build sourcedir builddir
For example:
sphinx-build ./rst_source /tmp/build
Note: This commit does not include the "Complete Reference - API and datatypes". This results into partial disabling of the function cross-referencing enhancement in the generated documentation.
Greg Hudson [Thu, 23 Jun 2011 04:13:45 +0000 (04:13 +0000)]
Use AI_ADDRCONFIG for more efficient getaddrinfo
Add AI_ADDRCONFIG to the hint flags for every invocation of
getaddrinfo which wasn't already using it. This is often the default
behavior when no hints are specified, but we tend to specify hints a
lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA
lookups to be skipped if the system has no public IPv6 interface
addresses, usually saving a couple of DNS queries per getaddrinfo
call and allowing DNS caching to be much more effective without the
need for negative caching.
Greg Hudson [Thu, 23 Jun 2011 04:13:38 +0000 (04:13 +0000)]
Work around glibc getaddrinfo PTR lookups
In krb5_sname_to_principal(), we always do a forward canonicalization
using getaddrinfo() with AI_CANONNAME set. Then, we do a reverse
canonicalization with getnameinfo() if rdns isn't set to false in
libdefaults.
Current glibc (tested with eglibc 2.11.1) has the arguably buggy
behavior of doing PTR lookups in getaddrinfo() to get the canonical
name, if hints.ai_family is set to something other than AF_UNSPEC.
This behavior defeats the ability to turn off rdns. Work around this
behavior by using AF_UNSPEC in krb5_sname_to_principal() from the
start, instead of starting with AF_INET and falling back. Specify
AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.
Greg Hudson [Fri, 17 Jun 2011 13:44:33 +0000 (13:44 +0000)]
Convert preauth_plugin.h to new plugin framework
The preauth plugin interface was introduced in 1.6 but was never made
a public API. In preparation for making it public in 1.10, convert it
to use the new plugin framework. This will require changes to any
existing preauth plugins.
A number of symbols were renamed for namespace cleanliness, and
abstract types were introduced for module data and module per-request
data for better type safety.
On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty
rough conversion. Eventually we should create proper consumer APIs
with module handles, and the flat lists of preauth types should hold
pointers to module handles rather than copies of the vtables. The
built-in preauth type handlers should then be converted to built-in
module providers linked into the consumer code (as should encrypted
challenge, since it has no external dependencies). None of this will
impact the provider API for preauth plugins, so it can wait.
Greg Hudson [Mon, 13 Jun 2011 18:54:33 +0000 (18:54 +0000)]
Fix old-style GSSRPC authentication
r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
the kadmin socket, even when it's IPv4. This made old-style GSSAPI
authentication fail because it uses the wrong channel bindings. Fix
this problem by making clnttcp_create() get the remote address from
the socket using getpeername() if the caller doesn't provide it and
it's an IPv4 address.
Greg Hudson [Fri, 10 Jun 2011 18:17:22 +0000 (18:17 +0000)]
Add localization support to com_err
* Add compile_et arguments --textdomain and --localedir.
* Store text domain and localedir at the end of error tables.
* error_message() calls dgettext if the table has a text domain.
* add_error_table() calls bindtextdomain if the table has a localedir.
* Define N_() as no-op in generated source and mark up error messages.
* When using system compile_et, test for --textdomain support.
* Use --textdomain option when available.
* Run xgettext over generated sources in compile_et rule.
* Translate com_err results in krb5int_get_error() if com_err won't.
Greg Hudson [Sun, 5 Jun 2011 22:05:04 +0000 (22:05 +0000)]
Remove static error table list in built-in com_err
_et_list has been private to error_message.c since March 2004, and
since nothing in that file ever added entries to it, it is always
NULL. As it's not doing any good, get rid of it, and rename the
dynamic error table list to "et_list", along with its type. Also
remove some old lclint annotations.
Greg Hudson [Fri, 3 Jun 2011 01:00:52 +0000 (01:00 +0000)]
Restore fallback non-referral TGS request to same realm
MIT krb5 1.2 and earlier KDCs reject TGS requests if the canonicalize
bit is set. Prior to 1.9, we used to handle this by making a
non-referral fallback request on any error, but the rewrite in 1.9
mistakenly changed the behavior so that fallback requests are only
made if the original request used the referral realm and the fallback
realm is different from the default realm. Restore the old behavior.
Greg Hudson [Thu, 26 May 2011 18:05:49 +0000 (18:05 +0000)]
Restore krb5_get_credentials caching for referral requests
The krb5_get_credentials() rewrite for IAKERB accidentally omitted the
final step of restoring the requested realm in the output credentials.
As a result, referral entries are not cached, and the caller sees the
actual realm in (*out_creds)->server instead of the referral realm as
before. Fix this in complete() by swapping ctx->req_server into
ctx->reply_creds->server.
Greg Hudson [Sun, 22 May 2011 02:08:37 +0000 (02:08 +0000)]
Fix multiple tl-data updates over iprop
krb5_dbe_update_tl_data() accepts a single read-only tl-data entry,
but ulog_conv_2dbentry() expects it to process a full list. Fix
ulog_conv_2dbentry() to call krb5_db2_update_tl_data() on each entry
individually, simplifying its memory management in the process.
Greg Hudson [Fri, 20 May 2011 15:21:28 +0000 (15:21 +0000)]
Revert r5233 and mark get_age as deprecated in the DAL documentation.
We do not need to check reply retransmissions for staleness any more
than TCP needs to. A genuinely new request will have a different
nonce.
Zhanna Tsitkov [Mon, 16 May 2011 18:36:55 +0000 (18:36 +0000)]
In mk_rd_cred if recv_subkey in the authentication context is NULL and the decryption with the session key fails, do not try to decrypt the message with the session key again.
Greg Hudson [Mon, 16 May 2011 04:20:55 +0000 (04:20 +0000)]
Document the lockout-related options in kadmin (modprinc -unlock and
addpol/modpol -maxfailure, -failurecountinterval, and
-lockoutduration), in the man page and in admin.texinfo. Based on
text submitted by shawn.emery@oracle.com.
Greg Hudson [Mon, 16 May 2011 03:54:16 +0000 (03:54 +0000)]
In kadmin, try using get_date() for lockout-related duration inputs to
modpol and addpol, but still allow bare numbers of seconds since
that's what we took in 1.8 and 1.9. Use strdur() to display
lockout-related durations in getpol. Reported by
shawn.emery@oracle.com.
Greg Hudson [Sat, 14 May 2011 14:49:00 +0000 (14:49 +0000)]
Use hmac-md5 checksum for PA-FOR-USER padata
The MS-S4U documentation specifies that hmac-md5 be used for
PA-FOR-USER checksums; we were using the mandatory checksum type for
the key. Although some other checksum types appear to be allowed by
Active Directory KDCs, Richard Silverman reports that md5-des is not
one of them, causing S4U2Self requests to fail for DES keys.
projects / thirdparty / krb5.git / log
